We use cookies to customise content for your subscription and for analytics.
If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.
In cooperation with Association of Corporate Counsel
  Request new password

Search results

Order by most recent / most popular / relevance

Results: 1-10 of 68

Health insurer’s costly privacy breach provides guidance for managing HIPAA risks associated with electronically-stored PHI

  • Williams Mullen
  • -
  • USA
  • -
  • March 29 2012

In the first enforcement action resulting from a reported privacy breach under the HITECH Act, Blue Cross and Blue Shield of Tennessee (“BCBST”) recently entered a $1.5 million settlement with the U.S. Department of Health & Human Services following the theft of 57 hard drives from a former BCBST call center

Connecticut fines Health Net $375,000 for data breach

  • Hunton & Williams LLP
  • -
  • USA
  • -
  • November 10 2010

On November 8, 2010, Connecticut Insurance Commissioner Thomas Sullivan announced that Health Net of Connecticut, Inc. (“Health Net”) had agreed to pay $375,000 in penalties for failing to safeguard the personal information of its members from misuse by third parties

Large PHI security breaches: the University of Rochester Medical Center hits a double in 2010

  • Fox Rothschild LLP
  • -
  • USA
  • -
  • January 19 2011

This blog series has been following the continuing flow of large security breaches of Protected Health Information ("PHI") and how affected providers and insurers have been responding to their discovery

OCR proposes expansion of HIPAA and HITECH rights: industry to be saddled with large costs; 20 minutes to read and implement 24 pages of regulations?

  • Haynes and Boone LLP
  • -
  • USA
  • -
  • May 31 2011

The Office for Civil Rights (OCR) of the Department of Health and Human Services today proposed an expansion of the rights of individuals to obtain reports from health providers and insurers about how their protected health information (PHI) is used

Indiana AG sues for delayed breach notice

  • Winston & Strawn LLP
  • -
  • USA
  • -
  • December 23 2010

The Indiana Attorney General has filed a complaint against health insurer WellPoint, Inc., alleging that the company failed to provide timely notification of a data breach to affected state residents and the Attorney General’s office in violation of the Indiana data breach notice statute

Indiana AG sues insurer over data insecurity

  • Steptoe & Johnson LLP
  • -
  • USA
  • -
  • November 13 2010

Only eight months after drawing the ire of California and federal officials over a proposed 39 rate-hike, health insurer WellPoint now finds itself the target of a lawsuit by the Indiana Attorney General

Minnesota AG sues debt collection agency for health privacy violations

  • Hunton & Williams LLP
  • -
  • USA
  • -
  • January 24 2012

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., for violations of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws

HHS to conduct privacy audits

  • Dow Lohnes PLLC
  • -
  • USA
  • -
  • November 3 2011

The Department of Health and Human Services’ Office for Civil Rights (OCR) expects to commence an audit program late in 2011 regarding compliance with the privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA

HHS announces second penalty for violations of the HIPAA privacy rule this week

  • Bricker & Eckler LLP
  • -
  • USA
  • -
  • February 25 2011

On February 24, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that General Hospital Corporation and Massachusetts General Physicians Organization, Inc. (collectively “Mass General”) has entered into a settlement agreement to resolve a complaint that they violated the Health Insurance Portability and Accountability Act (HIPAA) privacy rules

More to follow? Connecticut AG brings first HIPAA violation case

  • Baker & Hostetler LLP
  • -
  • USA
  • -
  • January 21 2010

Last week, Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut (Health Net), which is part of Health Net, Inc., a multi-state managed care company, for violations of the Health Insurance Portability and Accountability Act (HIPAA